<?xml version="1.0"?> 
<ruleset>
	<extraHeaderAction>ignore</extraHeaderAction>
	<extraCookieAction>continue</extraCookieAction>
	<extraParameterAction>ignore</extraParameterAction>

	<rule>
		<name>ASPSESSIONID</name>
		<paramType>cookie</paramType>
		<regex>^[A-F0-9]{24}$</regex>
		<malformedAction>continue</malformedAction>
		<missingAction>ignore</missingAction>
	</rule>
 	
	<rule>
		<name>referer</name>
		<paramType>header</paramType>
		<regex>^http.*$</regex>
		<malformedAction>continue</malformedAction>
		<malformedMessage>Session cookie tampering detected</malformedMessage>
		<missingAction>ignore</missingAction>
	</rule>
 	
	<rule>
		<name>username</name>
		<paramType>parameter</paramType>
		<regex>^\w{6,}$</regex>
		<malformedAction>continue</malformedAction>
		<malformedMessage>Username should be at least 6 alphanumeric characters</malformedMessage>
		<missingAction>continue</missingAction>
		<missingMessage>You must enter a username</missingMessage>
	</rule>
 	
	<rule>
		<name>password</name>
		<paramType>parameter</paramType>
		<regex>^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}$</regex>
		<malformedAction>continue</malformedAction>
		<malformedMessage>Your password must be at least 8 digits long and contain 1 digit, 1 lower case and 1 uppercase letter</malformedMessage>
		<missingAction>continue</missingAction>
		<missingMessage>You must enter a password</missingMessage>
	</rule>
</ruleset>